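/**
 * Invoked post authentication request for a user in a given realm.
 * Writes one INFO audit record when auditing is enabled ({@code auditFlag}).
 * <p>
 * The user name is whatever the caller presented at login -- it is also
 * logged for failed attempts -- so it is untrusted. CR and LF are replaced
 * before logging so a crafted name cannot terminate the record and forge
 * additional audit lines (log injection, CWE-117).
 *
 * @param user    the user name presented for authentication (untrusted)
 * @param realm   the realm the authentication was attempted against
 * @param success whether the authentication succeeded
 */
public void authentication(String user, String realm, boolean success) {
    if (auditFlag) {
        // String.valueOf keeps the original "null" rendering for absent values.
        String safeUser = String.valueOf(user).replace('\r', '_').replace('\n', '_');
        String safeRealm = String.valueOf(realm).replace('\r', '_').replace('\n', '_');
        logger.log(Level.INFO, "Audit: Authentication for user = (" + safeUser
                + ") under realm = (" + safeRealm + ") returned = " + success);
    }
}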
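/**
 * Do the work for showACL(): write a FINEST-level summary of everything the
 * deployment descriptors say about security for the given application --
 * declared roles and their group/principal mappings, per-method EJB
 * permissions, EJB IOR security settings, and for each web module its login
 * configuration, component run-as identities and security constraints.
 * <p>
 * Output goes to {@code logger} only; nothing is returned. showACL() has
 * already checked {@code logger.isLoggable(Level.FINEST)}, otherwise all the
 * descriptor walking would be wasted work. Questionable descriptor states are
 * marked with "*** Configuration error!" but never thrown: a method-permission
 * that names a role the application never declared is reported instead of
 * aborting the dump with a NullPointerException, and a security-constraint
 * without an auth-constraint is reported as unrestricted.
 *
 * @param app the deployed application (or standalone module) to summarise
 */
private static void dumpDiagnostics(com.sun.enterprise.deployment.Application app) {
    logger.finest("====[ Role and ACL Summary ]==========");
    if (!app.isVirtual()) {
        logger.finest("Summary for application: " + app.getRegistrationName());
    } else {
        logger.finest("Standalone module.");
    }
    logger.finest("EJB components: " + app.getEjbComponentCount());
    logger.finest("Web components: " + app.getWebComponentCount());

    Set allRoles = app.getRoles();
    if (allRoles == null) {
        logger.finest("- No roles present.");
        return;
    }
    SecurityRoleMapper rmap = app.getRoleMapper();
    if (rmap == null) {
        logger.finest("- No role mappings present.");
        return;
    }

    // role name -> "module:ejbClass.method" identifiers that role may invoke;
    // filled in while walking the EJB modules, printed afterwards.
    HashMap<String, HashSet<String>> allRoleMap = dumpRoleMappings(allRoles, rmap);
    dumpEjbModules(app, allRoleMap);
    dumpMethodsByRole(allRoleMap);
    dumpWebModules(app);
    logger.finest("======================================");
}

/**
 * Logs every declared role with its mapped groups and principals.
 *
 * @return a map from role name to an empty, mutable set of method identifiers,
 *         in role declaration order so successive dumps are comparable
 */
private static HashMap<String, HashSet<String>> dumpRoleMappings(Set allRoles, SecurityRoleMapper rmap) {
    logger.finest("--[ Configured roles and mappings ]--");
    HashMap<String, HashSet<String>> allRoleMap = new java.util.LinkedHashMap<String, HashSet<String>>();
    for (Object o : allRoles) {
        Role r = (Role) o;
        logger.finest(" [" + r.getName() + "]");
        allRoleMap.put(r.getName(), new HashSet<String>());

        StringBuilder groups = new StringBuilder(" is mapped to groups: ");
        appendAll(groups, rmap.getGroupsAssignedTo(r));
        logger.finest(groups.toString());

        StringBuilder principals = new StringBuilder(" is mapped to principals: ");
        appendAll(principals, rmap.getUsersAssignedTo(r));
        logger.finest(principals.toString());
    }
    return allRoleMap;
}

/** Walks every EJB module of the application and dumps each EJB in it. */
private static void dumpEjbModules(com.sun.enterprise.deployment.Application app,
                                   HashMap<String, HashSet<String>> allRoleMap) {
    Set ejbBundles = app.getEjbBundleDescriptors();
    for (Object b : ejbBundles) {
        EjbBundleDescriptor bundle = (EjbBundleDescriptor) b;
        logger.finest("--[ EJB module: " + bundle.getName() + " ]--");
        for (Object e : bundle.getEjbs()) {
            dumpEjb(bundle, (EjbDescriptor) e, allRoleMap);
        }
    }
}

/** Dumps one EJB: its run-as identity, its method permissions and its IOR security config. */
private static void dumpEjb(EjbBundleDescriptor bundle, EjbDescriptor ejb,
                            HashMap<String, HashSet<String>> allRoleMap) {
    logger.finest("EJB: " + ejb.getEjbClassName());
    // check and show run-as if present
    if (!ejb.getUsesCallerIdentity()) {
        RunAsIdentityDescriptor runas = ejb.getRunAsIdentity();
        if (runas == null) {
            logger.finest(" (ejb does not use caller identity)");
        } else {
            dumpRunAs(runas);
        }
    }
    logger.finest(" Method to Role restriction list:");
    Set methods = ejb.getMethodDescriptors();
    for (Object m : methods) {
        dumpMethodPermissions(bundle, ejb, (MethodDescriptor) m, allRoleMap);
    }
    dumpIorConfig(ejb);
}

/**
 * Logs a run-as identity and flags it as a configuration error when either the
 * role or the principal is missing -- a run-as needs both to be usable.
 */
private static void dumpRunAs(RunAsIdentityDescriptor runas) {
    String role = runas.getRoleName();
    String user = runas.getPrincipal();
    logger.finest(" Will run-as: Role: " + role + " Principal: " + user);
    if (isNullOrEmpty(role) || isNullOrEmpty(user)) {
        logger.finest("*** Configuration error!");
    }
}

/** True for null or the empty string (whitespace-only is deliberately not treated as empty). */
private static boolean isNullOrEmpty(String s) {
    return s == null || s.length() == 0;
}

/**
 * Logs who may invoke one EJB method and records it against every role that
 * may call it. Permission combinations that make no sense (role-based plus
 * excluded/unchecked, unchecked plus excluded, or no permission at all) are
 * flagged as configuration errors.
 */
private static void dumpMethodPermissions(EjbBundleDescriptor bundle, EjbDescriptor ejb,
                                          MethodDescriptor md,
                                          HashMap<String, HashSet<String>> allRoleMap) {
    logger.finest(" " + md.getFormattedString());
    String methodId = bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString();

    StringBuilder rbuf = new StringBuilder(" can only be invoked by: ");
    boolean unchecked = false;
    boolean excluded = false;
    boolean roleBased = false;
    Set perms = ejb.getMethodPermissionsFor(md);
    if (perms != null) {
        for (Object o : perms) {
            MethodPermission p = (MethodPermission) o;
            if (p.isExcluded()) {
                excluded = true;
                logger.finest(" excluded - can not be invoked");
            } else if (p.isUnchecked()) {
                unchecked = true;
                logger.finest(" unchecked - can be invoked by all");
            } else if (p.isRoleBased()) {
                roleBased = true;
                String roleName = p.getRole().getName();
                rbuf.append(roleName).append(' ');
                // add to role's accessible list
                HashSet<String> ram = allRoleMap.get(roleName);
                if (ram == null) {
                    // The permission names a role that is not in app.getRoles();
                    // previously this was a NullPointerException that cut the dump short.
                    logger.finest("*** Configuration error! (undeclared role: " + roleName + ")");
                } else {
                    ram.add(methodId);
                }
            }
        }
    }

    if (roleBased) {
        logger.finest(rbuf.toString());
        if (excluded || unchecked) {
            logger.finest("*** Configuration error!");
        }
    } else if (unchecked) {
        if (excluded) {
            logger.finest("*** Configuration error!");
        }
        // unchecked: every role can reach it
        for (HashSet<String> ram : allRoleMap.values()) {
            ram.add(methodId);
        }
    } else if (!excluded) {
        // no permission of any kind was declared for this method
        logger.finest("*** Configuration error!");
    }
}

/** Logs the IOR security configuration (CSIv2 transport/authentication settings) of one EJB. */
private static void dumpIorConfig(EjbDescriptor ejb) {
    logger.finest(" IOR configuration:");
    Set iors = ejb.getIORConfigurationDescriptors();
    if (iors == null) {
        return;
    }
    for (Object o : iors) {
        EjbIORConfigurationDescriptor ior = (EjbIORConfigurationDescriptor) o;
        logger.finest("realm=" + ior.getRealmName()
                + ", integrity=" + ior.getIntegrity()
                + ", trust-in-target=" + ior.getEstablishTrustInTarget()
                + ", trust-in-client=" + ior.getEstablishTrustInClient()
                + ", propagation=" + ior.getCallerPropagation()
                + ", auth-method=" + ior.getAuthenticationMethod());
    }
}

/** Logs, per role, the EJB methods collected by dumpMethodPermissions. */
private static void dumpMethodsByRole(HashMap<String, HashSet<String>> allRoleMap) {
    logger.finest("--[ EJB methods accessible by role ]--");
    for (String roleName : allRoleMap.keySet()) {
        logger.finest(" [" + roleName + "]");
        for (String meth : allRoleMap.get(roleName)) {
            logger.finest(" " + meth);
        }
    }
}

/** Walks every web module: login config, components (with run-as) and security constraints. */
private static void dumpWebModules(com.sun.enterprise.deployment.Application app) {
    Set webBundles = app.getWebBundleDescriptors();
    for (Object o : webBundles) {
        WebBundleDescriptor wbd = (WebBundleDescriptor) o;
        logger.finest("--[ Web module: " + wbd.getContextRoot() + " ]--");

        LoginConfiguration lconf = wbd.getLoginConfiguration();
        if (lconf != null) {
            logger.finest(" Login config: realm=" + lconf.getRealmName()
                    + ", method=" + lconf.getAuthenticationMethod()
                    + ", form=" + lconf.getFormLoginPage()
                    + ", error=" + lconf.getFormErrorPage());
        }

        logger.finest(" Contains components:");
        for (Object c : wbd.getWebComponentDescriptorsSet()) {
            dumpWebComponent((WebComponentDescriptor) c);
        }

        logger.finest(" Security constraints:");
        Enumeration scEnum = wbd.getSecurityConstraints();
        while (scEnum.hasMoreElements()) {
            dumpSecurityConstraint((SecurityConstraintImpl) scEnum.nextElement());
        }
    }
}

/** Logs one web component with its URL patterns and, if declared, its run-as identity. */
private static void dumpWebComponent(WebComponentDescriptor wcd) {
    StringBuilder name = new StringBuilder(" - ").append(wcd.getCanonicalName()).append(" [ ");
    appendAll(name, wcd.getUrlPatterns());
    name.append(']');
    logger.finest(name.toString());

    RunAsIdentityDescriptor runas = (RunAsIdentityDescriptor) wcd.getRunAsIdentity();
    if (runas != null) {
        dumpRunAs(runas);
    }
}

/**
 * Logs one security-constraint: each resource collection's HTTP methods and
 * URL patterns, the roles that may access them, and the transport guarantee.
 */
private static void dumpSecurityConstraint(SecurityConstraintImpl sc) {
    Set wrcSet = sc.getWebResourceCollectionSet();
    for (Object o : wrcSet) {
        WebResourceCollectionImpl wrc = (WebResourceCollectionImpl) o;
        StringBuilder sbm = new StringBuilder();
        appendAll(sbm, wrc.getHttpMethods());
        logger.finest(" Using method: " + sbm);
        if (sbm.length() > 0) {
            // Listing http-methods narrows the constraint to those methods only;
            // anything else (HEAD, OPTIONS, TRACE, ...) is left uncovered by this
            // collection -- a classic way to bypass an otherwise tight constraint.
            logger.finest(" (HTTP methods not listed above are not covered by this collection)");
        }
        Enumeration urlEnum = wrc.getUrlPatterns();
        while (urlEnum.hasMoreElements()) {
            logger.finest(" " + urlEnum.nextElement());
        }
    }

    // show roles which apply to above set of collections
    AuthorizationConstraintImpl authCons = (AuthorizationConstraintImpl) sc.getAuthorizationConstraint();
    if (authCons == null) {
        // No <auth-constraint> at all: the resources are not role-restricted.
        logger.finest(" Accessible by roles: (no auth-constraint - not role-restricted)");
    } else {
        StringBuilder rsb = new StringBuilder(" Accessible by roles: ");
        Enumeration rolesEnum = authCons.getSecurityRoles();
        while (rolesEnum.hasMoreElements()) {
            SecurityRole sr = (SecurityRole) rolesEnum.nextElement();
            rsb.append(sr.getName()).append(' ');
        }
        // An <auth-constraint> that lists no roles denies everyone; the line will
        // simply show no role names in that case.
        logger.finest(rsb.toString());
    }

    UserDataConstraint udc = sc.getUserDataConstraint();
    if (udc != null) {
        logger.finest(" Transport guarantee: " + udc.getTransportGuarantee());
    }
}

/** Appends each element of {@code e} (via String.valueOf) followed by a space; null-safe. */
private static void appendAll(StringBuilder sb, Enumeration e) {
    while (e != null && e.hasMoreElements()) {
        sb.append(e.nextElement()).append(' ');
    }
}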
/**
 * Invoked during validation of the web service request for an EJB exposed as
 * a web service. Emits one INFO audit record when auditing is enabled.
 *
 * @param endpoint the EJB web-service endpoint that was validated
 * @param success  whether the request was accepted as valid
 */
public void ejbAsWebServiceInvocation(String endpoint, boolean success) {
    if (!auditFlag) {
        return;
    }
    String record = "Audit: [EjbAsWebService] endpoint : " + endpoint + ", valid request =" + success;
    logger.log(Level.INFO, record);
}
/**
 * Invoked post ejb authorization request. Emits one INFO audit record naming
 * the caller, the EJB and the method together with the authorization outcome,
 * when auditing is enabled.
 *
 * @param user    the (already authenticated) caller's name
 * @param ejb     the EJB that was the target of the call
 * @param method  the method that authorization was checked for
 * @param success whether the call was authorized
 */
public void ejbInvocation(String user, String ejb, String method, boolean success) {
    if (!auditFlag) {
        return;
    }
    String record = "Audit: [EJB] Authorization for user =" + user
            + " for ejb = (" + ejb + ") method = (" + method + ") returned =" + success;
    logger.log(Level.INFO, record);
}
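/**
 * Initialises the module from its configuration and decides whether audit
 * records are written: {@code auditFlag} becomes true only when the
 * {@code AUDIT_ON} property is present and equals "true" (case-insensitive).
 * Any other value, or an absent property, disables auditing.
 * <p>
 * Note that {@code auditFlag} is read by the static {@link #isActive()}, so
 * it is shared state: the most recent init() call determines the outcome.
 *
 * @param props module configuration properties; must not be null
 */
public void init(java.util.Properties props) {
    super.init(props);
    // parseBoolean(null) is false, so the explicit null check is no longer needed.
    auditFlag = Boolean.parseBoolean(props.getProperty(AUDIT_ON));
}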
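/**
 * Check auditing state.
 * <p>
 * {@code auditFlag} is set by {@code init(Properties)} from the AUDIT_ON
 * property; because this accessor is static, the flag is shared across all
 * instances of the module.
 *
 * @return true when audit records are currently being written
 */
public static boolean isActive() {
    return auditFlag;
}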
/**
 * Invoked upon completion of the server shutdown. Emits a single INFO audit
 * record when auditing is enabled; otherwise does nothing.
 */
public void serverShutdown() {
    if (!auditFlag) {
        return;
    }
    logger.log(Level.INFO, "Audit: Application server shutdown complete");
}
/**
 * Invoked upon completion of the server startup. Emits a single INFO audit
 * record when auditing is enabled; otherwise does nothing.
 */
public void serverStarted() {
    if (!auditFlag) {
        return;
    }
    logger.log(Level.INFO, "Audit: Application server startup complete");
}
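/**
 * Diagnostic method. Read roles and ACLs from the given Application and dump a
 * somewhat organized summary of what has been set. This can be used to
 * diagnose deployment or runtime deployment errors as well as to help in
 * configuring application descriptors.
 * <p>
 * Implementation is not particularly efficient but this is only called for
 * debugging purposes at startup. Nothing is done unless auditing is active
 * and the logger accepts FINEST. All errors are ignored in the sense that
 * they never propagate to the caller; they are logged at FINE together with
 * the stack trace so that a broken descriptor can still be tracked down.
 *
 * @param app the application whose security configuration is to be dumped;
 *            a null value is reported at FINE and otherwise ignored
 */
public static void showACL(com.sun.enterprise.deployment.Application app) {
    if (!isActive() || !logger.isLoggable(Level.FINEST)) {
        return;
    }
    if (app == null) {
        logger.fine("Error while showing ACL diagnostics: no application supplied");
        return;
    }
    try {
        dumpDiagnostics(app);
    } catch (Throwable e) {
        // Deliberately broad: this is a diagnostic and must never abort deployment.
        // Passing e keeps the stack trace, which e.toString() alone discarded.
        logger.log(Level.FINE, "Error while showing ACL diagnostics: " + e, e);
    }
}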
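/**
 * Invoked post web authorization request. Emits one INFO audit record with
 * the caller, the permission type checked, the HTTP method and request URI,
 * and the authorization outcome, when auditing is enabled.
 * <p>
 * The HTTP method and URI come straight off the wire, so they are treated as
 * untrusted: CR and LF are neutralised before logging so a request cannot
 * inject forged lines into the audit trail (log injection, CWE-117). The same
 * treatment is applied to the user name and permission type.
 *
 * @param user    the caller's name as seen by the web container
 * @param req     the request that was authorized; if null, "null" is recorded
 *                for method and URI instead of failing the audit call
 * @param type    the permission type that was checked
 * @param success whether the request was authorized
 */
public void webInvocation(String user, javax.servlet.http.HttpServletRequest req, String type, boolean success) {
    if (!auditFlag) {
        return;
    }
    String method = (req == null) ? null : req.getMethod();
    String uri = (req == null) ? null : req.getRequestURI();
    logger.log(Level.INFO, "Audit: [Web] Authorization for user = (" + neutralizeForAudit(user)
            + ") and permission type = (" + neutralizeForAudit(type) + ") for request "
            + neutralizeForAudit(method) + " " + neutralizeForAudit(uri)
            + " returned =" + success);
}

/**
 * Renders a value for inclusion in a single-line audit record: null becomes
 * "null" (as String concatenation would) and CR/LF are replaced with '_' so
 * the value cannot split the record into multiple lines.
 */
private static String neutralizeForAudit(String value) {
    return String.valueOf(value).replace('\r', '_').replace('\n', '_');
}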
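/**
 * Invoked during validation of the web service request. Emits one INFO audit
 * record naming the request URI and the endpoint together with the validation
 * outcome, when auditing is enabled.
 * <p>
 * The URI is client-supplied, so CR and LF are replaced before logging to
 * prevent a crafted request from forging extra audit lines (CWE-117). The
 * endpoint is treated the same way for consistency.
 *
 * @param uri      the request URI that was validated (untrusted)
 * @param endpoint the web-service endpoint the request was routed to
 * @param success  whether the request was accepted as valid
 */
public void webServiceInvocation(String uri, String endpoint, boolean success) {
    if (!auditFlag) {
        return;
    }
    String safeUri = String.valueOf(uri).replace('\r', '_').replace('\n', '_');
    String safeEndpoint = String.valueOf(endpoint).replace('\r', '_').replace('\n', '_');
    // Record layout is kept byte-for-byte (note: no separator between uri and "endpoint:")
    // so existing log parsers keep working.
    logger.log(Level.INFO, "Audit: [WebService] uri: " + safeUri
            + "endpoint: " + safeEndpoint + ", valid request =" + success);
}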